K
Q

Kubernetes Job not recognizing fsGroup in Pod

10/13/2016

I've tried to add fsGroup to a Job with no luck, the generated Pod doesn't include the fsGroup in the security context. Does a Kube Job allow for the fsGroup to be specified and then propagated to the generated Pod?

-- Jeff McCormick
kubernetes

Similar Questions

kubernetes deployment wait between pods on rolling update
Google Cloud/Kubernetes - Error adding container to network, no IP addresses available
Kubernetes is exposing docker interface ip
How can I schedule tasks to CPUs?

1 Answer

10/14/2016

I'm using Kubernetes 1.4 and successfully created a job with fsGroup. Maybe you misplaced fsGroup in your manifest? This is my manifest:

apiVersion: batch/v1
kind: Job
metadata:
  name: hello-world
spec:
  template:
    metadata:
      name: hello-world
    spec:
      containers:
        - name: hello-world-container
          image: hello-world
      securityContext:
        fsGroup: 1234
      restartPolicy: OnFailure

Output from kubectl describe job hello-world:

  FirstSeen LastSeen    Count   From            SubobjectPath   Type        Reason          Message
  --------- --------    -----   ----            -------------   --------    ------          -------
  4m        4m      1   {job-controller }           Normal      SuccessfulCreate    Created pod: hello-world-yzyz7

Output from kubectl get pod hello-world-yzyz7 -o yaml | grep fsGroup:

    fsGroup: 1234
-- Maciej Strzelecki
Source: StackOverflow